On 5/5/2017 8:53 PM, do...@mail.com wrote:
I received this very unusual email a few days ago. It (or another
email), timed out my spamassassin check (which is a first).
I'm including the full text of the spam below along with all of the
headers.
I'm interested if this mail is legit, or if it's just a new trap.
I have skipped through parts of the audio (play as user nobody :) and
there is no voice, or discernible instrument; just a bunch of tones and
really bad synthetic sounding drums.
I don't even have an idea why someone would listen to this...
I can send you the whole mp3, but I've opted to just send the md5sum for
now since the file is 10MiB. The md5 sum is
3fec277311e73175c6f49b70d8a063e8 .
The email also contains an html part (identical to the text part in
content), and 8 images; 1 jpeg and 7 png. These include a facebook and
twitter buttons.
Thanks,
David
Return-Path: <rele...@racolage.xxx>
Received: from racolage.xxx ([216.51.232.227]) by mx.mail.com
(mxgmxus005 [74.208.5.20]) with ESMTP (Nemesis) id
0MBmC1-1dGJ253K3r-00AlEr for <do...@mail.com>; Tue, 02 May 2017
15:42:19 +0200 Received: from [127.0.0.1] (localhost.localdomain
[127.0.0.1]) by racolage.xxx (Postfix) with ESMTP id CEC563060E55
for <do...@mail.com>; Tue, 2 May 2017 09:42:16 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=racolage.xxx;
s=mail; t=1493732537; bh=mjg3vHGJXalwbtWTwqzRztpRTwhvBrVGp+58Vhw6DJM=;
h=List-Unsubscribe:From:To:Subject:Date:From;
b=l6O3++WGARbyASNz/FZWqZJB3Ghdyx0pzy7CtiM9O4viBfiayWejyZEi1dXy3lT6t
FjOmZGb7hzymCJ4TcIcUCBPEkEVUqcb1YRn0YyqQ0Zn/9YYoVqvXZIrFHIlAj5fZWN
PzyyhGyAeRJaJ18acQAVhtNz79xeH3CPYyyGGjIA=
Content-Type: multipart/mixed;
boundary="----sinikael-?=_1-14937325368410.12218541851445819"
List-Unsubscribe: http://racolage.xxx/unsubscribe.html
Precedence: bulk
Feedback-ID: release1:racolage.xxx
From: racolage.xxx ⛅ ⚡ <rele...@racolage.xxx>
To: do...@mail.com
Subject: AUDIO TRACK #1 | Contact Person - Your Email Address Was
Selected Message-ID: <facda02e-274b-2fd8-4f5b-64823bbdf...@racolage.xxx>
X-Mailer: nodemailer (2.7.2; +https://nodemailer.com/;
SMTP/2.7.2[client:2.12.0])
Date: 05/02/2017(Tue) 09:42
MIME-Version: 1.0
Envelope-To: <do...@mail.com>
X-GMX-Antispam: 0 (Mail was not recognized as spam); Detail=V3;
X-GMX-Antivirus: 0 (no virus found)
X-UI-Filterresults:
<sniped large body of base64 encoded text belonging to above header>
YOU HAVE RECEIVED A TRACK <<<<<<
CHECK THE ATTACHMENT!!! <<<<<<
Contact Person - Your Email Address Was Selected
Underprocecessed ultrasonic glitch bossanova (low bitrate mix specially
for racolage.xxx). CREDIT: written & produced in moscow 2014-2017
YOU HAVE RECEIVED A TRACK <<<<<<
CHECK THE ATTACHMENT!!! <<<<<<
Released by : http://racolage.xxx
facebook : https://www.facebook.com/racolage/
twitter : https://twitter.com/racolagexxx
contact : cont...@racolage.xxx
unsubscribe : http://racolage.xxx/unsubscribe.html
The .xxx TLD was made to separate porn from the general internet, so
it's unlikely that this is legit.
